From: Kai Moritz
Date: Sun, 25 May 2025 15:54:37 +0000 (+0200)
Subject: WIP:sasl-client--broker-angepasst--separate-accounts
X-Git-Url: http://juplo.de/gitweb/?a=commitdiff_plain;h=ccff0ed7f02fbb514ad265bb2e03bac2a036ac45;p=demos%2Fkafka%2Ftraining
WIP:sasl-client--broker-angepasst--separate-accounts
---
diff --git a/STEP-ONE.sh b/STEP-ONE.sh
index a78cc8e..2e87a43 100755
--- a/STEP-ONE.sh
+++ b/STEP-ONE.sh
@@ -20,22 +20,36 @@ docker compose exec zookeeper zookeeper-shell zookeeper:2181 get /cluster/id
 echo "Starting Kafka in Zookeeper-Mode..."
 docker compose up setup
-echo "Setting up ACLs for the consumer and the producer..."
-# client
+echo "Setting up ACLs for the producer..."
 docker compose exec cli kafka-acls \
 --command-config /mnt/admin.properties \
 --bootstrap-server kafka:9092 \
 --add \
- --allow-principal User:client \
+ --allow-principal User:producer \
 --topic test \
- --consumer --group=my-group \
 --producer
 docker compose exec cli kafka-acls \
 --command-config /mnt/admin.properties \
 --bootstrap-server kafka:9092 \
 --list \
- --user-principal User:client \
+ --user-principal User:producer \
+ --topic test
+
+echo "Setting up ACLs for the consumer..."
+docker compose exec cli kafka-acls \
+ --command-config /mnt/admin.properties \
+ --bootstrap-server kafka:9092 \
+ --add \
+ --allow-principal User:consumer \
+ --topic test \
+ --consumer --group=my-group \
+
+docker compose exec cli kafka-acls \
+ --command-config /mnt/admin.properties \
+ --bootstrap-server kafka:9092 \
+ --list \
+ --user-principal User:consumer \
 --group=my-group \
 --topic test
diff --git a/admin.properties b/admin.properties
index b040250..d7168db 100644
--- a/admin.properties
+++ b/admin.properties
@@ -2,4 +2,4 @@ sasl.mechanism=PLAIN
 security.protocol=SASL_PLAINTEXT
 sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
 username="broker" \
- password="geheim";
+ password="brokerpw";
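Review bot: In STEP-ONE.sh the new consumer `--add` command ends on `--consumer --group=my-group \`, a line continuation onto the empty line that follows; it works only because that line is blank, and removing the blank line would splice the next `docker compose exec` onto the ACL command. Drop the trailing backslash so the last line reads `--consumer --group=my-group`, the way the producer block ends on a bare `--producer`. Since the change exists to separate the two accounts, a comment above each block stating the intended rights would help, e.g. `# producer account: write access to topic test only`. On a cluster that was set up with the earlier version of the script, the ACLs granted to `User:client` would presumably still be in place; nothing in this hunk removes them.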
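Review bot: The admin client in admin.properties still logs in as `broker`, the identity the brokers themselves use, so the account separation made elsewhere in this commit does not reach the tooling that manages the ACLs. A dedicated admin principal (for example a `user_admin="..."` entry in the broker JAAS configuration and `username="admin"` here; both names are only illustrations) would keep the inter-broker credential out of the file that STEP-ONE.sh passes to `kafka-acls` as `/mnt/admin.properties`. Whether `broker` is configured as a super user is not visible in this diff, so confirm that any replacement account gets the rights `kafka-acls` needs. A header comment such as `# demo credentials; SASL_PLAINTEXT sends them unencrypted` would document the limits of this setup.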
diff --git a/docker-compose.yml b/docker-compose.yml
index df9f07f..c762053 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,24 +31,27 @@ services:
 KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
 KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
 org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_broker="geheim" \
- user_client="geheim" \
+ user_broker="brokerpw" \
+ user_producer="producerpw" \
+ user_consumer="consumerpw" \
 username="broker" \
- password="geheim"; \
+ password="brokerpw"; \
 KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
 KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
 org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_broker="geheim" \
- user_client="geheim" \
+ user_broker="brokerpw" \
+ user_producer="producerpw" \
+ user_consumer="consumerpw" \
 username="broker" \
- password="geheim"; \
+ password="brokerpw"; \
 KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
 KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
 org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_broker="geheim" \
- user_client="geheim" \
+ user_broker="brokerpw" \
+ user_producer="producerpw" \
+ user_consumer="consumerpw" \
 username="broker" \
- password="geheim"; \
+ password="brokerpw"; \
 KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
 KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
 KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
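Review bot: `user_producer` and `user_consumer` are added to the JAAS entry of every listener, including `KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG`, so the client accounts can also authenticate on the listener that appears to be meant for inter-broker traffic. If that is the listener's role, keep only `user_broker="brokerpw"` there and define the two client accounts on the DOCKER and LOCALHOST listeners. The same applies to the hunks at `@@ -85,24 +88,27 @@` and `@@ -144,24 +150,27 @@`. The block now appears nine times with literal passwords; a YAML anchor or `${...}` substitution from an env file would keep the copies from drifting apart and keep the passwords out of the committed file. The enclosing service definitions start and end outside these hunks.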
@@ -85,24 +88,27 @@ services:
 KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
 KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
 org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_broker="geheim" \
- user_client="geheim" \
+ user_broker="brokerpw" \
+ user_producer="producerpw" \
+ user_consumer="consumerpw" \
 username="broker" \
- password="geheim"; \
+ password="brokerpw"; \
 KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
 KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
 org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_broker="geheim" \
- user_client="geheim" \
+ user_broker="brokerpw" \
+ user_producer="producerpw" \
+ user_consumer="consumerpw" \
 username="broker" \
- password="geheim"; \
+ password="brokerpw"; \
 KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
 KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
 org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_broker="geheim" \
- user_client="geheim" \
+ user_broker="brokerpw" \
+ user_producer="producerpw" \
+ user_consumer="consumerpw" \
 username="broker" \
- password="geheim"; \
+ password="brokerpw"; \
 KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
 KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
 KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
@@ -144,24 +150,27 @@ services:
 KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
 KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
 org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_broker="geheim" \
- user_client="geheim" \
+ user_broker="brokerpw" \
+ user_producer="producerpw" \
+ user_consumer="consumerpw" \
 username="broker" \
- password="geheim"; \
+ password="brokerpw"; \
 KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
 KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
 org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_broker="geheim" \
- user_client="geheim" \
+ user_broker="brokerpw" \
+ user_producer="producerpw" \
+ user_consumer="consumerpw" \
 username="broker" \
- password="geheim"; \
+ password="brokerpw"; \
 KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
 KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
 org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_broker="geheim" \
- user_client="geheim" \
+ user_broker="brokerpw" \
+ user_producer="producerpw" \
+ user_consumer="consumerpw" \
 username="broker" \
- password="geheim"; \
+ password="brokerpw"; \
 KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
 KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
 KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
@@ -263,7 +272,7 @@ services:
 spring.kafka.jaas.enabled: "true"
 spring.kafka.properties.security.protocol: SASL_PLAINTEXT
 spring.kafka.properties.sasl.mechanism: PLAIN
- spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="producer" password="producerpw";
 juplo.producer.topic: test
 consumer:
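Review bot: The producer's `sasl.jaas.config` in the hunk at `@@ -263,7 +272,7 @@` carries `password="producerpw"` as a literal, and the three consumer hunks (`@@ -274,7 +283,7 @@`, `@@ -287,7 +296,7 @@`, `@@ -300,7 +309,7 @@`) do the same with `consumerpw`. These keys look like service environment entries, which would make the values readable through `docker inspect` as well as in the committed file. Compose variable substitution, e.g. `password="${PRODUCER_PASSWORD}"` with the value in an untracked `.env` (the variable name is only an illustration), keeps the account separation and removes the literals. The unchanged context line `spring.kafka.properties.security.protocol: SASL_PLAINTEXT` means the PLAIN password is sent unencrypted, which is worth stating in a comment next to it. The service definitions start outside these hunks.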
@@ -274,7 +283,7 @@ services:
 spring.kafka.jaas.enabled: "true"
 spring.kafka.properties.security.protocol: SASL_PLAINTEXT
 spring.kafka.properties.sasl.mechanism: PLAIN
- spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="consumerpw";
 spring.kafka.consumer.auto-offset-reset: earliest
 logging.level.org.apache.kafka.clients.consumer: INFO
 juplo.consumer.topic: test
@@ -287,7 +296,7 @@ services:
 spring.kafka.jaas.enabled: "true"
 spring.kafka.properties.security.protocol: SASL_PLAINTEXT
 spring.kafka.properties.sasl.mechanism: PLAIN
- spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="consumerpw";
 spring.kafka.consumer.auto-offset-reset: earliest
 logging.level.org.apache.kafka.clients.consumer: INFO
 juplo.consumer.topic: test
@@ -300,7 +309,7 @@ services:
 spring.kafka.jaas.enabled: "true"
 spring.kafka.properties.security.protocol: SASL_PLAINTEXT
 spring.kafka.properties.sasl.mechanism: PLAIN
- spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="consumerpw";
 spring.kafka.consumer.auto-offset-reset: earliest
 logging.level.org.apache.kafka.clients.consumer: INFO
 juplo.consumer.topic: test